Hackers have breached the systems belonging to the State of Utah, stealing nearly 300,000 social security numbers.
The attack on the Utah Department of Technology Services also resulted in an additional 500,000 citizens having other personal information, such as date of birth and home address, disclosed as a result.
The breach represents a significant percentage of Utah's population, which has been estimated at roughly 2.8 million according to census data.
The breach has been traced back to the compromise of a server holding Medicaid records. Originally discovered earlier this month, the breach has been found to be far larger than investigators initially estimated.
In response to the incident the state will provide free credit monitoring for those who have had their social security information stolen. Additionally, governor Gary Herbert is ordering an audit of the entire state government's data security structure.
"Our immediate priority is to protect those whose personal information has been exposed," Herbert said.
"We have mobilised all available resources and personnel in an 'all hands on deck, around the clock' response until every victim is identified and notified."
The breach represents yet another instance of a government agency losing personal information as a result of lax security practices.
Earlier this year the Cheshire East Council incurred a hefty fine after it lost citizen information in a beach.
In response to the rise in incidents, the UK's Information Commissioner's Office has sought to increase the penalties charged to firms that lose data as a result of negligent practices.
According to McAfee security researcher Robert Siciliano, the Utah breach is less an example of a system-wide shortcoming than an indication that even the tightest policies can be breached by a lapse from one user.
"You can put all the locks on a house that you need, but if a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind," Siciliano said.
"While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question had the encryption measures required, but that a single user’s weak password could have provided access to these sensitive records."
Yeah, sorry about all that, simpers Zuckerberg
Vivaldi promotes DuckDuckGo search engine over Google over privacy concerns
Scientists say that strontium titanate could transform electronics
The wheels of justice grind surprisingly slowly